Can we just succumb to the inevitable and work on building a list of the parts of a smartphone that can't be used to spy on you?
I'm thinking 'maybe the battery door'. Any other suggestions?

What's the point of securing any smartphone when all of your activity on the device is captured elsewhere and sold for profit? They don't just count how many times you play your songs. They count how many times you text during the day. They count how many times you click on icons. They count how many seconds you hover over app icons even when you don't buy them in order to market apps catered to your "maybe" whims. Yes, they do this shit. No, it's not called crazy, it's called statistical analysis to the nth degree in order to maximize profits.

The phone is merely the vehicle. What that vehicle can do all depends on the driver. Unfortunately, we've all been thrown in the back of a telco cab and the driver was told to get lost years ago.

Just don't use that device anywhere public. Or on a public network because they can snoop on you that way.

Yes, I'll just go home and surf. I'm sure I'll be perfectly safe from spying there.

After all, I trust my ISP so much that I don't even consider them a "public" network anymore. They gave me a custom home page that goes right to THEIR website, so it must be private, right? And look here, this systray icon even has their logo! I am so loved I'm practically an employee.

Just don't use that device anywhere public. Or on a public network because they can snoop on you that way.

Yes, I'll just go home and surf. I'm sure I'll be perfectly safe from spying there.

After all, I trust my ISP so much that I don't even consider them a "public" network anymore. They gave me a custom home page that goes right to THEIR website, so it must be private, right? And look here, this systray icon even has their logo! I am so loved I'm practically an employee.

... maybe even eligible for a genuine patent (not that I favor patent, but...)

Can we just succumb to the inevitable and work on building a list of the parts of a smartphone that can't be used to spy on you? I'm thinking 'maybe the battery door'. Any other suggestions?

What's the point of securing any smartphone when all of your activity on the device is captured elsewhere and sold for profit?

The point being there IS an opportunity for anyone who comes up with a workable idea to really really lock down all your gadgets (not only smartphones but all electronic gadgets) so that even when the gadgets are powered up they can't leak _any_ information

Yes, there is. And there are companies that are attempting to offer secure services and devices like this, such as Silent Circle and Blackphone.

However, your mistake with this "profitable" business idea is thinking that the majority of people actually give a shit about security and privacy and will PAY for such a service.

The current environment was birthed from the ignorance that they don't. And won't. Only a small fraction of people care enough to pay, which may or may not be profitable enough to even at

Of course, it's running WebOS, which lets me set up security such that I can require confirmation before an app's allowed to use certain features (eg, GPS), rather than just giving it a blanket 'you're allowed to use GPS whenever you want to'.

The drawback is that I don't have nearly as many apps available to use, being that it's WebOS. (I still blame those horrible Palm Pre commercials with the stoned albino -- why they didn't bother showing that it supported multit

A wireless charging pad? So they can just listen for the power consumption of the CPU with an RF antenna, process the waveforms to extract encryption keys and then hack in via the cellular radio and take information they want?

As much as I mourn my HP Touchpad (Oh man did WebOS multitasking curb-stomp Android multitasking at the time and even considerably later); if you are still running WebOS you probably have bigger security issues. The last update for any Pre models was December 2011, and Touchpad models January 2012. That's a long time for a relatively full featured OS to go without any fixing.

I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity? I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity?

Apparently the sound from your mic and the echo from your gyroscopes were both parsed by your speech-to-text converter. I guess it works better than we thought!

Basically an app can ask for permissions for the gyro only (if it even needs to) and be recording conversation.

Yeah, that's the thing. You don't need permissions for the gyro on Android and iOS, so any and all of the apps that you have on your phone or tablet could be using the gyro and you wouldn't know, except for an anomalous battery drain.

Basically an app can ask for permissions for the gyro only (if it even needs to) and be recording conversation.

Yeah, that's the thing. You don't need permissions for the gyro on Android and iOS, so any and all of the apps that you have on your phone or tablet could be using the gyro and you wouldn't know, except for an anomalous battery drain.

Sure, but on iOS an app is suspended when you are on a phone call unless the app has used the system APIs to enable background execution. There are only a small number of background execution modes and your app must declare which it plans to use. When it comes to location-based background execution (the most likely use of the gyro), your app still gets suspended. The system wakes it up periodically and sends location updates to a function in your app and then gives the app a small time window for that function to return an expected value. It is very much a discrete task-based multitasking system - completely different than normal desktop machines. Good sometimes. Bad sometimes.

Permissions on Android are a bit more rudimentary, so it would be simple to make a background process that just sits and quietly listens to the gyro. You would need to ask for the permission to keep the device awake in order to keep the CPU and sensor chip alive and (in order for it to be practical) the permission to start on boot.

Some of my co-workers were talking about this last week, and I think the effective issue was that while accessing the microphone requires special privileges to be granted to the application, no such privileges are required to access the gyroscope.

Apps request permissions for different pieces of hardware on a case-by-case basis. The average user might raise some eyebrows if an app that shouldn't need it wants to access your microphone, but access to gyroscope data might not even require user acceptance.

Being an un-funny ass must be really hard work these days. If we were to apply the oh-so-humorous ^W's in your post, it would read That's why you should stick with Apple. With an iPhone you can get the same effect simply wrong. Which, as we can see, makes no sense at all.

My phone doesn't have gyroscope, therefore I am safe from people listening in to my conversations.

"Gee boss, we need to spy on this guy! Any ideas how we can do it?"Well he has a smart phone; maybe we can leverage that to our advantage?""Oh, I see what you are getting at; we'll hack the firmware so we can use the oscillations of the GPS to crudely and inaccurately record what he is saying!""Actually, I was thinking we might want to use the attached microphone which is, you know, designed to pick up sound..

Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014.

originally researchers analyzed the data in the following categories. wobbling or wiggling in android devices indicated stress patterns, while violent shaking concluded frustration or rage. Finally, a single impact for iPhone devices registered as a trip to the genius bar and an unpaid credit card bill.

They are currently able to recognize the spoken digits 1-9 correctly approximately 80% of the time. This is given a training data set from the same speaker and the same phone. Incredibly impressive, especially since it was done from a web browser and requires no special permissions or even knowledge from the user. For those of you that didn't read it. However, James Bond spy tool this is not yet...

Something tells me that this could quite easily be fixed by filtering out "noise" from the gyroscopes before presenting it to apps. There can hardly be a use case for this finegrained details from the gyro except this one of course.

And we really need "Kalman filters" on our phones? And there is no way in hell that one could filter out the noise level produced by audio (which must be extremely low) and still give enough resolution for the Kalman filter ?

Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. According to the "Gyrophone: Recognizing Speech From Gyroscope Signals" study, the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones.

I can't help but feel like there are gyroscopes involved in this process somehow...

The gyroscopes and accelerometers are two different things. The gryoscope measures tilt of the device, like when you play a racing game. The accelerometer measures change in velocity, like when you shake the phone to shuffle a playlist. Two different sensors.

And no, the gyroscope in your phone does not spin; it is solid state [wikipedia.org].

There are six degrees of freedom here. Three linear, and three angular. Tilting a phone is synonymous with applying angular acceleration to it. A phone existing in a tilted state relative to the ground is experiencing no angular acceleration, but its angle of tilt can be determined by combining the three linear acceleration readings into one vector (assuming the phone is stationary relative to the Earth). The word "tilt" here is ambiguous in that it could relate to either angular

No one will ever bother exploiting this. Neither will anyone bother to exploit the red button attack [slashdot.org] or inferring audio from video recording [slashdot.org]. It's just too tricky to get these working in practice. Even with the gyroscope you get a crummy 100Hz frequency cap with terrible amounts of factors decreasing sound capture quality.

yes read the article, just saying principles not new and plenty of other ways to "bug" a room without entering. good ol' parabolic microphones can listen through walls from outside at over fifty meters range

The app doesn't use your microphone; or you deny it, or whatever. So the app uses the gyro to figure out what you are saying anyway - you have no idea it can even do this because it doesn't use the microphone. 3rd parties could AUDIT and secure the software for government or corporate use--- and it would still record gyro information.

A background app could listen constantly even while other apps have the mic if it can background and use the gyro.

You can thwart this if your phone is rooted. At first I used an app which blocked apps from accessing certain features and data I didn't want them to see, like my location. But then they started to make apps crash when they were blocked this way.

I'm currently using xprivacy [xposed.info]. It generates fake data for things like location, networks, and sensors. If the app insists on getting my location and I don't give it that permission, it still gets a location. But that location is a random place in the world. S

Since a long long time ago (about 50 years now) we've been able to use nearby windows and computer monitors - even picture frames - to pick up sounds inside rooms.

Why bother with a cell phone if you're trying to get a good audio pickup?

If you need to isolate a person, it's not a bad choice, but you can also use the other signals your cell gives out or responds to for locating the person precisely, without technically "using" the phone, and thereby alerting the target.